diff --git a/profiles/all.yml b/profiles/all.yml
index a8da13bca99..1f9ab20aa11 100644
--- a/profiles/all.yml
+++ b/profiles/all.yml
@@ -5,14 +5,6 @@
 # Purpose:
 # This profile is focused on identifying a wide range of security issues across different types of protocols and services. It includes templates for HTTP, TCP, JavaScript, DNS, and SSL to ensure thorough coverage of potential vulnerabilities.
 #
-# Included Templates:
-# This configuration references specific templates designed for comprehensive scanning:
-# - http: Templates for detecting vulnerabilities in HTTP-based services.
-# - tcp: Templates for detecting vulnerabilities in TCP-based services.
-# - javascript: Templates for detecting vulnerabilities that are written using the javascript protocol.
-# - dns: Templates for detecting vulnerabilities in DNS services.
-# - ssl: Templates for detecting SSL/TLS related issues.
-#
 # Running this profile
 # You can run this profile using the following command:
 # nuclei -profile all -u https://example.com
diff --git a/profiles/aws-cloud-config.yml b/profiles/aws-cloud-config.yml
index d989770368a..3951015d714 100644
--- a/profiles/aws-cloud-config.yml
+++ b/profiles/aws-cloud-config.yml
@@ -8,13 +8,9 @@
 # Included Templates:
 # This configuration references specific templates tagged with 'aws-cloud-config' to cover comprehensive scanning of AWS ACLs.
 #
-# Configuration:
-# The profile also includes code templates to enhance detection capabilities.
-# Additionally, it sets a variable for the AWS region to 'us-east-1' for template inputs.
-#
 # Running this profile
 # You can run this profile using the following command:
-# nuclei -profile aws-acls
+# nuclei -profile aws-cloud-config
 code: true # enable code templates
 tags:
diff --git a/profiles/cloud.yml b/profiles/cloud.yml
index 30ca16211bf..0446d9bc6d6 100644
--- a/profiles/cloud.yml
+++ b/profiles/cloud.yml
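Review bot: In profiles/aws-cloud-config.yml the header no longer tells the reader that this profile turns on code templates; the removed `# Configuration:` block was the only prose saying so, and all that remains is the inline comment on `code: true`. That setting is the one line here that makes the scanner execute template code on the operator's own host, presumably with whatever AWS credentials are in the environment, so it deserves a sentence next to the run command. I would keep one line in the header, e.g. `# Note: this profile enables code templates (code: true), which execute locally on the scanning host.` Whether the 'us-east-1' region variable the removed text described is still set lies outside the hunk; if it is, it is now undocumented too. The surviving `Included Templates` sentence still says "AWS ACLs", which no longer matches the corrected profile name.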
@@ -5,15 +5,10 @@
 # Purpose:
 # This profile is focused on identifying security issues in cloud environments. It includes templates that help detect vulnerabilities and misconfigurations in cloud services and infrastructure, ensuring the security of cloud deployments.
 #
-# Included Templates:
-# This configuration references specific templates tagged with 'cloud' and 'devops' to cover comprehensive scanning of cloud environments:
-# - cloud: Templates for detecting vulnerabilities and misconfigurations in cloud services.
-# - devops: Templates for detecting issues related to DevOps practices in cloud environments.
-#
 # Running this profile
 # You can run this profile using the following command:
 # nuclei -profile cloud -u https://example.com
 tags:
 - cloud
- - devops
+ - devops
\ No newline at end of file
diff --git a/profiles/compliance.yml b/profiles/compliance.yml
index 544a1958f8b..2688f3799ea 100644
--- a/profiles/compliance.yml
+++ b/profiles/compliance.yml
@@ -5,29 +5,6 @@
 # Purpose:
 # This profile is focused on identifying a wide range of security issues to ensure compliance with various security standards and best practices. It includes templates for detecting misconfigurations, vulnerabilities, exposures, and other security risks.
 #
-# Included Templates:
-# This configuration references specific templates tagged with various security-related tags to cover comprehensive compliance scanning:
-# - misconfig: Templates for detecting misconfigurations.
-# - cve: Templates for detecting Common Vulnerabilities and Exposures.
-# - exposure: Templates for detecting sensitive information exposures.
-# - default-login: Templates for detecting default login credentials.
-# - xss: Templates for detecting Cross-Site Scripting vulnerabilities.
-# - lfi: Templates for detecting Local File Inclusion vulnerabilities.
-# - edb: Templates for vulnerabilities listed in the Exploit Database.
-# - rce: Templates for detecting Remote Code Execution vulnerabilities.
-# - sqli: Templates for detecting SQL Injection vulnerabilities.
-# - unauth: Templates for detecting unauthorized access vulnerabilities.
-# - ssrf: Templates for detecting Server-Side Request Forgery vulnerabilities.
-# - redirect: Templates for detecting open redirection vulnerabilities.
-# - disclosure: Templates for detecting sensitive information disclosure.
-# - takeover: Templates for detecting subdomain takeover vulnerabilities.
-# - traversal: Templates for detecting directory traversal vulnerabilities.
-# - generic: Templates for detecting generic security issues.
-# - deserialization: Templates for detecting deserialization vulnerabilities.
-# - ssl: Templates for detecting SSL/TLS related issues.
-# - keys: Templates for detecting exposed keys.
-# - token: Templates for detecting exposed tokens.
-#
 # Running this profile
 # You can run this profile using the following command:
 # nuclei -profile compliance -u https://example.com
diff --git a/profiles/cves.yml b/profiles/cves.yml
index 9fb0523b570..5354f784996 100644
--- a/profiles/cves.yml
+++ b/profiles/cves.yml
@@ -5,13 +5,6 @@
 # Purpose:
 # This profile is focused on identifying vulnerabilities listed in the Common Vulnerabilities and Exposures (CVE) database. Detecting CVEs is essential for mitigating risks associated with known security flaws in software and systems.
 #
-# Included Templates:
-# This configuration references specific templates designed to detect CVEs:
-# - http/cves/: This directory contains templates for detecting CVEs in HTTP-based services.
-# - http/cnvd/: This directory contains templates for detecting vulnerabilities listed in the Chinese National Vulnerability Database (CNVD).
-# - network/cves/: This directory contains templates for detecting CVEs in network services.
-# - javascript/cves/: This directory contains templates for detecting CVEs in JavaScript-based applications.
-#
 # Running this profile
 # You can run this profile using the following command:
 # nuclei -profile cves -u https://example.com
diff --git a/profiles/default-login.yml b/profiles/default-login.yml
index f03ef739925..99a46542f5c 100644
--- a/profiles/default-login.yml
+++ b/profiles/default-login.yml
@@ -5,12 +5,6 @@
 # Purpose:
 # This profile is focused on identifying instances where default login credentials are being used. Default logins can pose significant security risks as they are often targeted by attackers to gain unauthorized access to systems.
 #
-# Included Templates:
-# This configuration references specific templates designed to detect default login scenarios:
-# - http/default-logins/: This directory contains templates for detecting default login credentials in HTTP-based services.
-# - network/default-login/: This directory contains templates for detecting default login credentials in network services.
-# - javascript/default-logins/: This directory contains templates for detecting default login credentials, the templates are made using the javascript protocol.
-#
 # Running this profile
 # You can run this profile using the following command:
 # nuclei -profile default-login -u https://example.com
diff --git a/profiles/kev.yml b/profiles/kev.yml
index 6b43543cfd6..c17201c188d 100644
--- a/profiles/kev.yml
+++ b/profiles/kev.yml
@@ -6,10 +6,6 @@
 # This profile is focused on identifying vulnerabilities that are listed in the Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) catalog.
 # Detecting KEVs is crucial for mitigating risks associated with known and actively exploited vulnerabilities.
 #
-# Included Templates:
-# This configuration references specific templates designed to detect KEVs:
-# - tags/kev/: This directory contains templates tagged with 'kev' that are specifically focused on detecting known exploited vulnerabilities.
-#
 # Running this profile
 # You can run this profile using the following command:
 # nuclei -profile kev -u https://example.com
diff --git a/profiles/misconfigurations.yml b/profiles/misconfigurations.yml
index 6b7c1c6114a..069c99187e2 100644
--- a/profiles/misconfigurations.yml
+++ b/profiles/misconfigurations.yml
@@ -5,12 +5,6 @@
 # Purpose:
 # This profile is focused on identifying various misconfigurations that can lead to security vulnerabilities. Detecting and correcting misconfigurations is essential for maintaining the security and integrity of systems and applications.
 #
-# Included Templates:
-# This configuration references specific templates designed to detect misconfigurations:
-# - http/misconfiguration/: Templates for detecting misconfigurations in HTTP-based services.
-# - network/misconfig/: Templates for detecting misconfigurations in network services.
-# - javascript/misconfiguration/: Templates written using javascript protocol for detecting misconfigurations in applications.
-#
 # Running this profile
 # You can run this profile using the following command:
 # nuclei -profile misconfigurations -u https://example.com
diff --git a/profiles/osint.yml b/profiles/osint.yml
index b718ce875d0..afbe0e34065 100644
--- a/profiles/osint.yml
+++ b/profiles/osint.yml
@@ -5,21 +5,6 @@
 # Purpose:
 # This profile is focused on identifying various OSINT-related security risks, including exposed information, backdoors, command and control servers, and more. OSINT scanning helps in gathering intelligence that could be used to identify potential threats and vulnerabilities.
 #
-# Included Templates:
-# This configuration references specific templates tagged with various OSINT-related tags to cover comprehensive OSINT scanning:
-# - osint: Templates for detecting OSINT-related vulnerabilities and exposures.
-# - honeypot: Templates for detecting honeypots.
-# - backdoor: Templates for detecting backdoors.
-# - c2: Templates for detecting command and control servers.
-# - osint-social: Templates for detecting social media related exposures.
-# - exposures: Templates for detecting exposed sensitive information.
-# - malware: Templates for detecting malware-related activities.
-# - enum: Templates for enumeration activities.
-# - phishing: Templates for detecting phishing-related issues.
-#
-# Included Tags:
-# This configuration also includes additional templates tagged with 'phishing' for a more focused detection.
-#
 # Running this profile
 # You can run this profile using the following command:
 # nuclei -profile osint -u https://example.com
diff --git a/profiles/pentest.yml b/profiles/pentest.yml
index 4dafb859cb3..5fbda0007ea 100644
--- a/profiles/pentest.yml
+++ b/profiles/pentest.yml
@@ -5,20 +5,6 @@
 # Purpose:
 # This profile is focused on identifying security vulnerabilities across various protocols and services, including HTTP, TCP, JavaScript, DNS, and SSL. It excludes templates related to Denial of Service (DoS), fuzzing, and Open Source Intelligence (OSINT) to ensure focused and efficient penetration testing.
 #
-# Included Templates:
-# This configuration references specific templates designed for penetration testing:
-# - http: Templates for detecting vulnerabilities in HTTP-based services.
-# - tcp: Templates for detecting vulnerabilities in TCP-based services.
-# - javascript: Templates written using javasxript protocol for detecting vulnerabilities in applications.
-# - dns: Templates for detecting vulnerabilities in DNS services.
-# - ssl: Templates for detecting SSL/TLS related issues.
-#
-# Excluded Tags:
-# This configuration excludes templates tagged with 'dos', 'fuzz', and 'osint' to avoid unnecessary and potentially disruptive tests:
-# - dos: Templates for Denial of Service attacks.
-# - fuzz: Templates for fuzzing.
-# - osint: Templates for Open Source Intelligence gathering.
-#
 # Running this profile
 # You can run this profile using the following command:
 # nuclei -profile pentest -u https://example.com
diff --git a/profiles/recommended.yml b/profiles/recommended.yml
index ea564d077af..9e33a6066c8 100644
--- a/profiles/recommended.yml
+++ b/profiles/recommended.yml
@@ -5,83 +5,6 @@
 # Purpose:
 # This profile is focused on identifying a wide range of security vulnerabilities across various protocols and services. It includes templates with different severity levels and excludes certain tags and template IDs to provide a balanced and focused detection approach.
 #
-# Included Templates:
-# This configuration references specific templates designed for comprehensive security scanning:
-# - severity: Templates with critical, high, medium, low, and unknown severity levels.
-# - type: Templates for detecting vulnerabilities in HTTP, TCP, and templates written in javascript protocol.
-#
-# Excluded Tags:
-# This configuration excludes templates tagged with the following to avoid unnecessary and potentially disruptive tests:
-# - tech
-# - dos
-# - fuzz
-# - creds-stuffing
-# - token-spray
-# - osint
-#
-# Excluded IDs:
-# This configuration excludes specific template IDs to further refine the detection scope:
-# - CVE-2021-45967
-# - CVE-2021-36380
-# - CVE-2021-33544
-# - CVE-2021-32305
-# - CVE-2021-31755
-# - CVE-2021-28164
-# - CVE-2021-27931
-# - CVE-2021-26855
-# - CVE-2021-25052
-# - CVE-2021-1498
-# - CVE-2020-7796
-# - CVE-2020-5775
-# - CVE-2020-35713
-# - CVE-2020-26919
-# - CVE-2020-25223
-# - CVE-2020-24148
-# - CVE-2020-10770
-# - CVE-2019-9978
-# - CVE-2019-8451
-# - CVE-2019-3929
-# - CVE-2019-2767
-# - CVE-2019-2616
-# - CVE-2019-20224
-# - CVE-2019-19824
-# - CVE-2019-10758
-# - CVE-2018-16167
-# - CVE-2018-15517
-# - CVE-2018-1000600
-# - CVE-2017-9506
-# - CVE-2017-3506
-# - CVE-2017-18638
-# - CVE-2016-1555
-# - CVE-2015-8813
-# - CVE-2014-3206
-# - CVE-2009-4223
-# - CNVD-2021-09650
-# - generic-tokens
-# - credentials-disclosure
-# - targa-camera-ssrf
-# - cloudflare-external-image-resize
-# - linkerd-ssrf-detection
-# - ssrf-via-oauth-misconfig
-# - tls-sni-proxy
-# - xmlrpc-pingback-ssrf
-# - hashicorp-consul-rce
-# - mirai-unknown-rce
-# - optilink-ont1gew-gpon-rce
-# - sar2html-rce
-# - zimbra-preauth-ssrf
-# - wp-xmlrpc-pingback-detection
-# - fastjson-1-2-41-rce
-# - fastjson-1-2-42-rce
-# - fastjson-1-2-43-rce
-# - fastjson-1-2-62-rce
-# - fastjson-1-2-67-rce
-# - fastjson-1-2-68-rce
-# - request-based-interaction
-# - open-proxy-internal
-# - open-proxy-localhost
-# - open-proxy-portscan
-#
 # Running this profile
 # You can run this profile using the following command:
 # nuclei -profile recommended -u https://example.com
diff --git a/profiles/subdomain-takeovers.yml b/profiles/subdomain-takeovers.yml
index a70812bc236..eb835e0407b 100644
--- a/profiles/subdomain-takeovers.yml
+++ b/profiles/subdomain-takeovers.yml
@@ -7,12 +7,6 @@
 # Subdomain takeovers can occur when a DNS entry points to a deprovisioned or unclaimed cloud resource, potentially
 # allowing an attacker to claim the resource and hijack the subdomain.
 #
-# Included Templates:
-# This configuration references specific templates designed to detect subdomain takeover scenarios:
-# - http/takeovers/: This directory contains general templates for detecting HTTP-based subdomain takeovers.
-# - dns/azure-takeover-detection.yaml: This template specifically checks for subdomain takeovers on Microsoft Azure.
-# - dns/elasticbeanstalk-takeover.yaml: This template specifically checks for subdomain takeovers on AWS Elastic Beanstalk.
-#
 # Running this profile
 # You can run this profile using the following command :
 # nuclei -profile subdomain-takeovers -u https://www.example.com
diff --git a/profiles/wordpress.yml b/profiles/wordpress.yml
index fd22d449dd6..dcdbcf0c4dd 100644
--- a/profiles/wordpress.yml
+++ b/profiles/wordpress.yml
@@ -5,10 +5,6 @@
 # Purpose:
 # This profile is focused on identifying security issues specific to WordPress, including vulnerable plugins, themes, and core components. Ensuring the security of WordPress installations is crucial due to its widespread use and common targeting by attackers.
 #
-# Included Templates:
-# This configuration references specific templates tagged with 'wordpress' to cover comprehensive WordPress scanning:
-# - wordpress: Templates for detecting vulnerabilities and misconfigurations in WordPress installations, plugins, and themes.
-#
 # Running this profile
 # You can run this profile using the following command:
 # nuclei -profile wordpress -u https://example.com